CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software
A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.
Security risks should be fully and appropriately assessed and addressed before new features are deployed. The report pins the attack on key rotation practices used to secure the Microsoft Services Account – the identity management system underpinning the software giant's cloudy services for consumers. So when Storm-0558 obtained a key created in 2016, which should have been retired, it gained the ability to access the version of Outlook Web Access offered to consumers.
Other cloud providers, the report notes, are better at key rotation and implement other security controls Microsoft does not. Indeed, the report concludes that Microsoft still doesn't know how Storm-0558 got the key – but advanced the "the key was in a crash dump" theory in September 2023 and kept the Microsoft finally amended the post on March 12, 2024, when it admitted it has not found a crash dump that contained the key.